
US-12627511-B2 - Device onboarding in distributed systems

US 12627511 B2

Abstract

Methods and systems for managing endpoint devices are disclosed. The endpoint devices may be managed by onboarding them. To onboard the endpoint devices, ownership vouchers and proxy certificates may be used to cryptographically verify to which entities authority over the endpoint devices has been delegated. The proxy certificates may extend certificate and/or delegation chains in ownership vouchers to other devices. The extended chains may eliminate the need for proliferation of keys used to demonstrate authority over endpoint devices.

Inventors

  • Bradley K. Goodman
  • Joseph Caisse
  • GOVIND PULIKODE MUKUNDAN

Assignees

  • DELL PRODUCTS L.P.

Dates

Publication Date
20260512
Application Date
20240326

Claims (20)

  1. A method for managing endpoint devices, the method comprising: during an onboarding of an endpoint device of the endpoint devices: obtaining, by the endpoint device, an ownership voucher and a proxy certificate from an orchestrator controlled by an owner of the endpoint device, the ownership voucher delegates an authority over the endpoint device to the owner while the proxy certificate extends the authority over the endpoint device from the owner to a second entity different from the owner; attempting to validate that: the proxy certificate is signed using a key associated with the owner, and the orchestrator is in possession of a key referenced by the proxy certificate; in an instance of the attempting where the proxy certificate is validated as being signed with the key associated with the owner and the orchestrator is validated as being in possession of the key referenced by the proxy certificate: concluding, by the endpoint device, that the authority over the endpoint device has been extended from the owner to the orchestrator, the orchestrator being the second entity; and based on the authority, completing the onboarding in cooperation with the orchestrator, wherein the ownership voucher and the proxy certificate both comprise delegation statements that delegate the authority over the endpoint device to entities, the entities comprising the owner and the second entity, the ownership voucher comprising a first portion of the delegation statements that delegates the authority over the endpoint device to a first portion of the entities while the proxy certificate comprises a second portion of the delegation statements that is different from the first portion of the delegation statements, and the second portion of the delegation statements delegates the authority over the endpoint device to a second portion of the entities different from the first portion of the entities.
  2. The method of claim 1, wherein attempting to validate that the proxy certificate is signed using the key associated with the owner comprises: attempting to identify a certificate chain stored in the ownership voucher that allegedly delegates the authority over the endpoint device to the owner; in an instance of the attempting to identify the certificate chain where at least one certificate chain of the ownership voucher is found to allegedly delegate the authority: attempting to cryptographically validate the at least one certificate chain; in an instance of the attempting to cryptographically validate the at least one certificate chain where the at least one certificate chain is cryptographically validated successfully: identifying a delegation statement in the at least one certificate chain indicating that the authority over the endpoint device has been delegated to an entity associated with a public private key pair; and attempting to use a public key of the public private key pair to validate that the proxy certificate is signed using the key.
  3. The method of claim 2, wherein the key associated with the owner is a private key of the public private key pair, and the private key is controlled by the owner.
  4. The method of claim 3, wherein the private key is inaccessible to the orchestrator.
  5. The method of claim 1, wherein completing the onboarding comprises: obtaining, by the endpoint device and from the orchestrator, a signed instruction; attempting, by the endpoint device, to validate the signed instruction using a public key to which the proxy certificate delegates the authority over the endpoint device; and in an instance of the attempting to validate where the signed instruction is validated: following, by the endpoint device, the signed instruction.
  6. The method of claim 5, wherein attempting to validate the signed instruction comprises using a signature verification algorithm to attempt to establish trust in the signed instruction using the public key to which the proxy certificate delegates the authority over the endpoint device.
  7. The method of claim 5, wherein the signed instruction indicates performance of at least one action selected from a list of actions consisting of: replacing an existing root of trust maintained by the endpoint device; and modifying a configuration of the endpoint device.
  8. The method of claim 5, wherein the public key to which the proxy certificate delegates the authority over the endpoint device is part of a second public private key pair, and the orchestrator controls a private key of the second public private key pair and uses the private key to sign instructions issued to at least some of the endpoint devices.
  9. The method of claim 1, wherein the ownership voucher and the proxy certificate are a unitary data structure, and the unitary data structure comprises the delegation statements that delegate the authority over the endpoint device to the entities.
  10. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing endpoint devices, the operations comprising: during an onboarding of an endpoint device of the endpoint devices: obtaining, by the endpoint device, an ownership voucher and a proxy certificate from an orchestrator controlled by an owner of the endpoint device, the ownership voucher delegates an authority over the endpoint device to the owner while the proxy certificate extends the authority over the endpoint device from the owner to a second entity different from the owner; attempting to validate that: the proxy certificate is signed using a key associated with the owner, and the orchestrator is in possession of a key referenced by the proxy certificate; in an instance of the attempting where the proxy certificate is validated as being signed with the key associated with the owner and the orchestrator is validated as being in possession of the key referenced by the proxy certificate: concluding, by the endpoint device, that the authority over the endpoint device has been extended from the owner to the orchestrator, the orchestrator being the second entity; and based on the authority, completing the onboarding in cooperation with the orchestrator, wherein the ownership voucher and the proxy certificate both comprise delegation statements that delegate the authority over the endpoint device to entities, the entities comprising the owner and the second entity, the ownership voucher comprising a first portion of the delegation statements that delegates the authority over the endpoint device to a first portion of the entities while the proxy certificate comprises a second portion of the delegation statements that is different from the first portion of the delegation statements, and the second portion of the delegation statements delegates the authority over the endpoint device to a second portion of the entities different from the first portion of the entities.
  11. The non-transitory machine-readable medium of claim 10, wherein attempting to validate that the proxy certificate is signed using the key associated with the owner comprises: attempting to identify a certificate chain stored in the ownership voucher that allegedly delegates the authority over the endpoint device to the owner; in an instance of the attempting to identify the certificate chain where at least one certificate chain of the ownership voucher is found to allegedly delegate the authority: attempting to cryptographically validate the at least one certificate chain; in an instance of the attempting to cryptographically validate the at least one certificate chain where the at least one certificate chain is cryptographically validated successfully: identifying a delegation statement in the at least one certificate chain indicating that the authority over the endpoint device has been delegated to an entity associated with a public private key pair; and attempting to use a public key of the public private key pair to validate that the proxy certificate is signed using the key.
  12. The non-transitory machine-readable medium of claim 11, wherein the key associated with the owner is a private key of the public private key pair, and the private key is controlled by the owner.
  13. The non-transitory machine-readable medium of claim 12, wherein the private key is inaccessible to the orchestrator.
  14. The non-transitory machine-readable medium of claim 10, wherein completing the onboarding comprises: obtaining, by the endpoint device and from the orchestrator, a signed instruction; attempting, by the endpoint device, to validate the signed instruction using a public key to which the proxy certificate delegates the authority over the endpoint device; and in an instance of the attempting to validate where the signed instruction is validated: following, by the endpoint device, the signed instruction.
  15. An endpoint device, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the endpoint device to perform operations for onboarding, the operations comprising: during an onboarding of the endpoint device: obtaining an ownership voucher and a proxy certificate from an orchestrator controlled by an owner of the endpoint device, the ownership voucher delegates an authority over the endpoint device to the owner while the proxy certificate extends the authority over the endpoint device from the owner to a second entity different from the owner; attempting to validate that: the proxy certificate is signed using a key associated with the owner, and the orchestrator is in possession of a key referenced by the proxy certificate; in an instance of the attempting where the proxy certificate is validated as being signed with the key associated with the owner and the orchestrator is validated as being in possession of the key referenced by the proxy certificate: concluding, by the endpoint device, that the authority over the endpoint device has been extended from the owner to the orchestrator, the orchestrator being the second entity; and based on the authority, completing the onboarding in cooperation with the orchestrator, wherein the ownership voucher and the proxy certificate both comprise delegation statements that delegate the authority over the endpoint device to entities, the entities comprising the owner and the second entity, the ownership voucher comprising a first portion of the delegation statements that delegates the authority over the endpoint device to a first portion of the entities while the proxy certificate comprises a second portion of the delegation statements that is different from the first portion of the delegation statements, and the second portion of the delegation statements delegates the authority over the endpoint device to a second portion of the entities different from the first portion of the entities.
  16. The endpoint device of claim 15, wherein attempting to validate that the proxy certificate is signed using the key associated with the owner comprises: attempting to identify a certificate chain stored in the ownership voucher that allegedly delegates the authority over the endpoint device to the owner; in an instance of the attempting to identify the certificate chain where at least one certificate chain of the ownership voucher is found to allegedly delegate the authority: attempting to cryptographically validate the at least one certificate chain; in an instance of the attempting to cryptographically validate the at least one certificate chain where the at least one certificate chain is cryptographically validated successfully: identifying a delegation statement in the at least one certificate chain indicating that the authority over the endpoint device has been delegated to an entity associated with a public private key pair; and attempting to use a public key of the public private key pair to validate that the proxy certificate is signed using the key.
  17. The endpoint device of claim 16, wherein the key associated with the owner is a private key of the public private key pair, and the private key is controlled by the owner.
  18. The endpoint device of claim 17, wherein the private key is inaccessible to the orchestrator.
  19. The endpoint device of claim 15, wherein completing the onboarding comprises: obtaining, by the endpoint device and from the orchestrator, a signed instruction; attempting, by the endpoint device, to validate the signed instruction using a public key to which the proxy certificate delegates the authority over the endpoint device; and in an instance of the attempting to validate where the signed instruction is validated: following, by the endpoint device, the signed instruction.
  20. The endpoint device of claim 15, wherein the ownership voucher and the proxy certificate are a unitary data structure, and the unitary data structure comprises the delegation statements that delegate the authority over the endpoint device to the entities.

Description

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Patent Application 63/455,215, filed on Mar. 28, 2023, and titled “Group-Based Secure Onboarding Orchestration By-Proxy”, which is incorporated by reference in its entirety here.

FIELD

Embodiments disclosed herein relate generally to device management. More particularly, embodiments disclosed herein relate to systems and methods to manage onboarding of devices.

BACKGROUND

Computing devices may provide computer-implemented services. The computer-implemented services may be used by users of the computing devices and/or devices operably connected to the computing devices. The computer-implemented services may be performed with hardware components such as processors, memory modules, storage devices, and communication devices. The operation of these components, and hosted entities such as applications, may impact the performance of the computer-implemented services.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments disclosed herein are illustrated by way of example and not limitation in the figures of the accompanying drawings in which like references indicate similar elements.

FIG. 1A shows a block diagram illustrating a system in accordance with an embodiment.

FIGS. 1B-1K show diagrams illustrating aspects of operation of the system of FIG. 1A in accordance with an embodiment.

FIGS. 2A-2B show interaction diagrams in accordance with an embodiment.

FIG. 3 shows a flow diagram illustrating a method in accordance with an embodiment.

FIG. 4 shows a block diagram illustrating a data processing system in accordance with an embodiment.

DETAILED DESCRIPTION

Various embodiments will be described with reference to details discussed below, and the accompanying drawings will illustrate the various embodiments. The following description and drawings are illustrative and are not to be construed as limiting. Numerous specific details are described to provide a thorough understanding of various embodiments. However, in certain instances, well-known or conventional details are not described in order to provide a concise discussion of embodiments disclosed herein.

Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in conjunction with the embodiment can be included in at least one embodiment. The appearances of the phrases “in one embodiment” and “an embodiment” in various places in the specification do not necessarily all refer to the same embodiment.

References to an “operable connection” or “operably connected” mean that a particular device is able to communicate with one or more other devices. The devices themselves may be directly connected to one another or may be indirectly connected to one another through any number of intermediary devices, such as in a network topology.

In general, embodiments disclosed herein relate to methods and systems for managing authority in a distributed system. To manage authority, endpoint devices may be onboarded. During onboarding, authority over the endpoint devices may be established. To establish the authority, ownership vouchers, proxy certificates, and/or other data structures may be presented to the endpoint devices. The endpoint devices may utilize these data structures to identify the entities that have authority over the endpoint devices.

The ownership vouchers may delegate authority over the endpoint devices by including public keys. The public keys may be used to demonstrate that an entity alleged to have authority over the endpoint device has access to the corresponding private keys. In some cases, entities such as orchestrators tasked with onboarding may not have access to such corresponding private keys. For example, to reduce key proliferation, the private keys to which authority is delegated in the ownership vouchers may not be distributed to orchestrators or other entities tasked with performing onboarding processes for endpoint devices.

To enable orchestrators to demonstrate that they have authority over the endpoint devices, the proxy certificates may extend the chains of certificates/delegations included in the ownership voucher. The extended chains may designate keys controlled by the orchestrators as having authority over the endpoint devices. Thus, the endpoint devices may validate that the orchestrators have been delegated authority over the endpoint device by other entities to which authority is explicitly delegated in the ownership vouchers.

By doing so, embodiments disclosed herein may facilitate establishment of authority while limiting key proliferation. Accordingly, a system in accordance with embodiments disclosed herein may be less likely to suffer, or may suffer at reduced levels, from compromises of devices that may expose keys used to establish authority for onboarding and/or other purposes. For example, keys to which authority is delegated in ownership vouchers may be generally restricted from d
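The endpoint-device side of the procedure set out in claims 1, 2 and 5 and summarised in the detailed description above (walk the voucher's delegation chain from the device's root of trust to the owner, check the proxy certificate against the owner's key, check that the orchestrator actually holds the key the proxy certificate names, then accept only instructions signed with that delegated key) can be modelled end to end. The following Go program is an added example written for this page; it is not code from the patent or from Dell, and the patent specifies no wire format or algorithm. It assumes Ed25519 signatures, a voucher that is simply a list of signed delegation statements rooted at a manufacturer key the device was provisioned with, a proxy certificate that is one more such statement signed by the owner, and a nonce challenge as the proof of possession. All key material is derived from constructed labels so the program runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// DelegationStatement is one link in a delegation chain: the current holder of
// authority signs the next holder's public key. Constructed encoding for this
// example only; the patent does not define the voucher or certificate format.
type DelegationStatement struct {
	Delegate  ed25519.PublicKey
	Signature []byte // signature by the previous holder over Delegate
}

// OwnershipVoucher chains delegations from the device's root of trust to the owner.
type OwnershipVoucher struct{ Chain []DelegationStatement }

// ProxyCertificate is one extra delegation statement, signed by the owner, that
// extends the voucher chain to the orchestrator's key (the "second entity").
type ProxyCertificate = DelegationStatement

// Delegate produces a delegation statement from the holder of `from` to `to`.
func Delegate(from ed25519.PrivateKey, to ed25519.PublicKey) DelegationStatement {
	return DelegationStatement{Delegate: to, Signature: ed25519.Sign(from, to)}
}

// KeyFromSeed derives a deterministic key pair from a label (fixtures only).
func KeyFromSeed(label string) ed25519.PrivateKey {
	seed := make([]byte, ed25519.SeedSize)
	copy(seed, label)
	return ed25519.NewKeyFromSeed(seed)
}

// Pub extracts the public half of a private key.
func Pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// ValidateVoucher walks the chain from the root key the device was provisioned
// with and returns the final holder's public key (the owner). Any link not signed
// by the holder named by the link before it invalidates the whole voucher.
func ValidateVoucher(root ed25519.PublicKey, v OwnershipVoucher) (ed25519.PublicKey, error) {
	holder := root
	for i, s := range v.Chain {
		if !ed25519.Verify(holder, s.Delegate, s.Signature) {
			return nil, fmt.Errorf("voucher link %d is not signed by the current holder", i)
		}
		holder = s.Delegate
	}
	return holder, nil
}

// ValidateProxy checks that the proxy certificate is signed with the owner's key
// and returns the key to which it extends authority.
func ValidateProxy(owner ed25519.PublicKey, p ProxyCertificate) (ed25519.PublicKey, error) {
	if !ed25519.Verify(owner, p.Delegate, p.Signature) {
		return nil, errors.New("proxy certificate is not signed by the owner")
	}
	return p.Delegate, nil
}

// Onboard is the endpoint device's view of onboarding. `sign` stands in for the
// orchestrator answering the device's proof-of-possession challenge.
func Onboard(root ed25519.PublicKey, v OwnershipVoucher, p ProxyCertificate,
	sign func(challenge []byte) []byte) (ed25519.PublicKey, error) {
	owner, err := ValidateVoucher(root, v)
	if err != nil {
		return nil, err
	}
	delegate, err := ValidateProxy(owner, p)
	if err != nil {
		return nil, err
	}
	// A fresh nonce per onboarding so an answer recorded earlier cannot be replayed.
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	if !ed25519.Verify(delegate, nonce, sign(nonce)) {
		return nil, errors.New("orchestrator does not hold the key named in the proxy certificate")
	}
	return delegate, nil
}

// FollowInstruction accepts an instruction only if it is signed with the key the
// proxy certificate delegated to; the owner's key is deliberately not consulted.
func FollowInstruction(delegate ed25519.PublicKey, instruction, sig []byte) (string, error) {
	if !ed25519.Verify(delegate, instruction, sig) {
		return "", errors.New("instruction rejected: not signed by the delegated key")
	}
	return "applied: " + string(instruction), nil
}

func main() {
	mfr, owner, orch := KeyFromSeed("manufacturer"), KeyFromSeed("owner"), KeyFromSeed("orchestrator")
	voucher := OwnershipVoucher{Chain: []DelegationStatement{Delegate(mfr, Pub(owner))}}
	proxy := Delegate(owner, Pub(orch)) // owner's private key never leaves the owner
	key, err := Onboard(Pub(mfr), voucher, proxy, func(c []byte) []byte { return ed25519.Sign(orch, c) })
	if err != nil {
		panic(err)
	}
	instr := []byte("modify-config: example-setting=1") // constructed instruction
	fmt.Println(FollowInstruction(key, instr, ed25519.Sign(orch, instr)))
}
```

The point the claims turn on is visible in `Onboard`: the owner's private key is used once, offline, to sign the proxy certificate, and the orchestrator never needs it. A proxy certificate the orchestrator signs for itself fails `ValidateProxy`, an orchestrator that cannot answer the nonce challenge with the delegated key fails the possession check, and a later instruction signed with any other key is refused by `FollowInstruction`.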